This repository was archived by the owner on Sep 24, 2018. It is now read-only.
This repository was archived by the owner on Sep 24, 2018. It is now read-only.
Querying comments by post_slug is protected #1979
Description
Why does querying comments by post_slug require authentication but by post_id it doesn't?
This is causing me issues for something I am building since I cannot request the post and the comments in parallel since I don't know the post's ID from the URL. So I have to wait for the post request to finish before requesting the comments. I can't see any reason why most of those arguments are protected (see code below).
$prepared_args = array(
'number' => $request['per_page'],
'post_id' => $request['post'] ? $request['post'] : '', // <--- Not authenticated
'parent' => isset( $request['parent'] ) ? $request['parent'] : '',
'search' => $request['search'],
'orderby' => $this->normalize_query_param( $order_by ),
'order' => $request['order'],
'status' => 'approve',
'type' => 'comment',
);
$prepared_args['offset'] = $prepared_args['number'] * ( absint( $request['page'] ) - 1 );
if ( current_user_can( 'edit_posts' ) ) {
$protected_args = array(
'user' => $request['user'] ? $request['user'] : '',
'status' => $request['status'],
'type' => isset( $request['type'] ) ? $request['type'] : '',
'author_email' => isset( $request['author_email'] ) ? $request['author_email'] : '',
'karma' => isset( $request['karma'] ) ? $request['karma'] : '',
'post_author' => isset( $request['post_author'] ) ? $request['post_author'] : '',
'post_name' => isset( $request['post_slug'] ) ? $request['post_slug'] : '', // <--- Authenticated :(
'post_parent' => isset( $request['post_parent'] ) ? $request['post_parent'] : '',
'post_status' => isset( $request['post_status'] ) ? $request['post_status'] : '',
'post_type' => isset( $request['post_type'] ) ? $request['post_type'] : '',
);
$prepared_args = array_merge( $prepared_args, $protected_args );
}On another note the comments _embedded in the post also can't be ordered which is a pain since I am showing the comments in asc order and the api doesn't take into account the discussion settings in WordPress. Which means I need to do additional api requests for the comments.
